Real World Web Services - Object...

Real World Web Services

An Alphabet Soup of Competing(and Complimentary) APIs, DataFormats, and Paradigms

© 2006, Davisworld.org

Introduction

• My name is Scott Davis– JBoss At Work

(O’Reilly)– Google Maps API

(Pragmatic Bookshelf)– Pragmatic GIS

(Pragmatic Bookshelf)

• I’m currently a SeniorSoftware Engineer atOpenLogic


• We are going to explore a veritable alphabetsoup of acronyms and phrases:– If you can name them all, you win Buzzword

Bingo!• SOA, WS• AJAX, HTML++, Client/SOA, XSS• Web 2.0• SOAP, WSDL, UDDI, XML-RPC• REST, POX• JSON, YAML• RSS, RDF, Atom• ESB, BPEL


• We will dig through these TLAs togetherand make some sense of them

The TLA (three-letter acronym or three-letter abbreviation) is the most populartype of abbreviation in technical terminology…

TLA is a three-letter abbreviation itself; the term was almost certainly coined with acertain degree of self-referential humor in mind.

(Source: http://en.wikipedia.org/wiki/Tla)


• Although even the definition of “TLA” isn’twithout controversy:

• Why can’t we all just get along?

…an acronym is a pronounceable word formed from the initial letter or letters ofeach of the constituent words, such as NATO or RADAR

…an initialism refers to an abbreviation pronounced as the names of the individualletters, such as TLA or XHTML

(Source: http://en.wikipedia.org/wiki/Acronym_and_initialism)


• As you will soon find out, thispresentation relies heavily on thecollective wisdom (and unintentionalhumor) of wikipedia.org


What is SOA?

• SOA means Service-Oriented Architecture– Wikipedia places it in “Category: Ambiguous

three-letter acronyms”• (How true!)

– Other possible definitions:• Start of Authority (for DNS fans)• Sarbanes-Oxley Act (for Enron accounting-scandal fans)• Soldiers of Allah (for Islamic rap fans -- no joke!)


• The wikipedia definition does little todisambiguate the matter:

• Huh?

In computing, the term Service-Oriented Architecture (SOA) expresses a softwarearchitectural concept that defines the use of services to support the requirementsof software users.

(Source: http://en.wikipedia.org/wiki/Service-oriented_architecture)


• Reading a bit further helps clarify things:

– OK, now we’re on to something here• Small Pieces Loosely Joined: A Unified Theory of the

Web by David Weinberger• Loosely Coupled: The Missing Pieces of Web Services

by Doug Kaye

In a SOA environment, nodes on a network make resources available to otherparticipants in the network as independent services that the participants access in astandardized way.

Unlike traditional point-to-point architectures, SOAs comprise loosely coupled,highly interoperable application services.



• Service– The functionality is exposed as an interface

• We don’t know (or care) what form the clientwill take or how it will use the data

• The client doesn’t know (or care) whatlanguage we use to implement the service

– All we care about is getting the data from here tothere…


• Loosely Coupled– Tiny stateless services

• getStockValue(“IBM”)• getCurrentTemp(“Denver”)

– They can return either a single primitive value or acomplex document containing a set of results

• Highly Interoperable– Language/Vendor/Platform-neutral


• SOA sounds a bit like WS, doesn’t it?

• WS is a popular way to implement SOA, but it could beargued that e-mail is an SOA as well…

– Clients can be implemented in any language, any platform– Beyond simple person-to-person e-mail messages, SMTP

can be used as a “messaging platform”» Mailing lists (subscribe/unsubscribe via keywords)» Continuous-build failure notifications» Cell phone/parking meter interface

Most definitions of SOA identify the use of Web service in its implementation.However, one can implement SOA using any service-based technology.



What are Web Services?

• The WS definition is as vague as the SOAdefinition

According to the W3C a Web service is a software system designed to supportinteroperable machine-to-machine interaction over a network.

(Source: http://en.wikipedia.org/wiki/Web_service)


• Reading farther yields some more meat:It has an interface that is described in a machine-processable format…

Other systems interact with the Web service in a manner prescribed by its interfaceusing messages…

These messages are typically conveyed using HTTP, and normally comprise XML inconjunction with other Web-related standards.

Software applications written in various programming languages and running onvarious platforms can use web services to exchange data over computer networkslike the Internet…

This interoperability (for example, between Java and Python, or Microsoft Windowsand Linux applications) is due to the use of open standards…

(Source: http://en.wikipedia.org/wiki/Web_service)


• Here is the simplest possible definitionof a Web Service:– “Make a request on port 80, get XML back”

• Of course, the format of the request, the port itis made on, and format of the returned data canall vary… (grimace)


• There is one unambiguous thing aboutWS: It is “Remote” and “Message-Oriented”– What makes it different than other remoting

architectures?• RMI, DCOM, CORBA

– What makes it different than othermessage-oriented architectures?

• JMS, MSMQ


• WS represent a “perfect storm” of ideas– Remote, only this time in a

language/vendor/platform-neutral way– Message-oriented, only this time in a

language/vendor/platform-neutral way– Piggy backs on a ubiquitous

language/vendor/platform-neutralinfrastructure -- the Internet (and morespecifically, the Web)


• Web Services leverage the ubiquity of the Web todeliver services– Every company has a web server in place– Every company has port 80 open

• Q: Why does every town have taxi and bus service,but only a few have subways, trolleys, monorails,gondolas, etc?– A: Existing Infrastructure


• What is the difference between “the web” and“web services”?– The Web is all about

Presentation (HTML)

– WS is all aboutData (XML)

• In MVC terms:– The Web is the

View– WS is the Model

<h1>Honda Accord</h1><b>Color:</b> Black<br><b>Sunroof:</b> Yes<br>

<car type=“Honda Accord”> <color>Black</color> <sunroof>Yes</sunroof></car>


• So where is the Controller (i.e. where isthe integration of Model and View)?– Traditionally, it is on the web server as a

part of the UI framework (Struts/WebWork,Rails, Tapestry, etc.)

– Increasingly, it is in the browser courtesy ofAJAX


What is AJAX?

• It is the combination of browser-based:– XHTML– JavaScript– DOM– CSS– XMLHttpRequest (XHR)

Asynchronous JavaScript And XML, or its acronym Ajax (Pronounced A-JAX), is aWeb development technique for creating interactive web applications.

The intent is to shift a great deal of interaction to the Web surfer's computer,exchanging data with the server behind the scenes, so that the entire Web pagedoes not have to be reloaded each time the user makes a change.

(Source: http://en.wikipedia.org/wiki/Ajax_%28programming%29)


What is Client/SOA?

• Some people dismiss AJAX as simply“HTML++” and are trying to popularizethe concept of “Client/SOA”:

– In Client/SOA, the browser is the new JVM

This architecture is considered by some to be the natural endpoint of evolution ofthe web from a primarily server-centric architecture, which includes what somehave termed AJAX or HTML++, to one in which the browser is an autonomouscomponent which can access and aggregate data from one or more user-selectedweb services, i.e. an architecture fully realized in a true client-side portalingapplication.

(Source: http://en.wikipedia.org/wiki/Client/SOA)


What is XSS?

• There is only one hitch in the road to trueClient/SOA Nirvana: XSS

– All web browsers restrict AJAX/XHR requests tothe original domain of the web page

• In other words, http://www.davisworld.org/test.htmlcannot make a WS call tohttp://api.google.com/search/beta2

Cross site scripting (XSS) is a type of computer security vulnerability typically foundin web applications which can be used by an attacker to compromise the “sameorigin” policy of client-side scripting languages.

(Source: http://en.wikipedia.org/wiki/XSS)


• XSS Workarounds:– Digitally sign your JavaScript

• No cross-browser solution exists• http://www.mozilla.org/projects/security/

components/signed-scripts.html– Create a proxy in your domain that can

make calls on the client’s behalf• XSS limits what calls the browser can make,

not a server-side component


• Creating a proxy is by far the easier ofthe two:– Request:

http://www.davisworld.org/city-ws-proxy.jsp?city=Denver

– Proxy:


• All of these ideas lead to what the pundits are calling"Web 2.0"– Tim O'Reilly (Founder and CEO of O'Reilly Media) calls it

"Web 2.0".– Jonathon Schwarz (President and COO of Sun

Microsystems) calls it "The Participation Age".


What is Web 2.0?

• While there are no hard and fast definitions, the samebasic ideas come up over and over:– Favor interactive web applications over static/passive web

pages (AJAX)– Favor data/web services in addition to fixed

presentation/HTML (WS)– Allow/encourage your content to be integrated into other

applications (Mash-ups -- AJAX+WS)


• We’re getting ready to move from theconceptual to the concrete– All of the following WS implementations

adhere to a common spirit, but vary in• Transport• Request format• Response format


What is SOAP?

• SOAP is one of the most common WSimplementations

– XML-RPC was a precursor to SOAP

SOAP is a protocol for exchanging XML-based messages over a computer network,normally using HTTP. SOAP forms the foundation layer of the web services stack,providing a basic messaging framework that more abstract layers can build on.SOAP facilitates the Service-Oriented architectural pattern.

The name "SOAP" was originally an acronym for Simple Object Access Protocol, butthe full name was dropped in Version 1.2 of the SOAP specification…

(Source: http://en.wikipedia.org/wiki/SOAP)


SOAP Specifics

• Transport:– Commonly HTTP POST, but can also be

SMTP, JMS, etc.• Request format:

– XML (SOAP Envelope, Header, Body)• Response Format

– XML (SOAP Envelope, Header, Body)


What is WSDL?

• SOAP is the message format• WSDL describes the WS interface

The Web Services Description Language (WSDL) is an XML format published fordescribing Web services.

WSDL describes the public interface to the web service. This is an XML-basedservice description on how to communicate using the web service; namely, theprotocol bindings and message formats required to interact with the web serviceslisted in its directory. The supported operations and messages are describedabstractly, and then bound to a concrete network protocol and message format.

(Source: http://en.wikipedia.org/wiki/WSDL)


What is UDDI?

• SOAP and WSDL are common -- UDDI, notso much…

– In reality, you will most likely download the WSDLdirectly from the organization, not a commonUDDI directory

UDDI is an acronym for Universal Description, Discovery, and Integration – Aplatform-independent, XML-based registry for businesses worldwide to listthemselves on the Internet.

UDDI is nominally one of the core Web Services standards. It is designed to beinterrogated by SOAP messages and to provide access to WSDL documentsdescribing the protocol bindings and message formats required to interact with theweb services listed in its directory.

(Source: http://en.wikipedia.org/wiki/UDDI)


• To see SOAP in action, let’s use thefree Google WS API:

With the Google Web APIs service, software developers can query billions of webpages directly from their own computer programs. Google uses the SOAP andWSDL standards so a developer can program in his or her favoriteenvironment - such as Java, Perl, or Visual Studio .NET.

To start writing programs using Google Web APIs:1. Download the developer’s kit2. Create a Google Account3. Write your program using your license key

(Source: http://www.google.com/apis/)


• What we’retrying toaccomplish isperformingthis queryprogrammat-ically– XML results

instead ofHTML


• The WSDL (in the developer’s toolkit wedownloaded) describes the WS– The URL


• The available method calls:


• The binding:


• The request arguments:


• The response format:


• Here is the SOAP Request:


• And here is the SOAP Response:


• …and the first response element:


• SOAP Pros:– Mature and well understood (since 1998)– Apache AXIS is a robust server and client

implementation• http://ws.apache.org/axis/• Supports auto-generation of WSDL and Java-clients

– WSDL2Java– Java2WSDL

– Maven can automatically download the WSDL andgenerate client stubs during the build process

• Maven: A Developer’s Notebook, by Vincent Massoll andTimothy O’Brien


• SOAP Cons:– Quite verbose (over-engineered?)

• “SOAP is the EJB of the XML world…”– Not browser-friendly

• XSS• Poor XML support in JavaScript (DOM only)• Poor Schema/Namespace DOM support in IE


• SOAP is only one implementation ofWS.– There is a “kinder, gentler” form of WS

available to you


What is REST?

• The other white meat:Representational State Transfer (REST) is a software architectural style fordistributed hypermedia systems like the world wide web. The term originated in a2000 doctoral dissertation about the web written by Roy Fielding, one of theprincipal authors of the HTTP protocol specification, and has quickly passed intowidespread use in the networking community.

Systems that follow Fielding's REST principles are often referred to as RESTful;REST's most zealous advocates call themselves RESTafarians.

(Source: http://en.wikipedia.org/wiki/Representational_State_Transfer)


• What does that have to do with WS?

– MEP == “Message Exchange Pattern”

While REST originally referred to a collection of architectural principles, people nowoften use the term in a looser sense to describe any simple web-based interfacethat uses XML and HTTP without the extra abstractions of MEP-based approacheslike the web services SOAP protocol.

(Source: http://en.wikipedia.org/wiki/Representational_State_Transfer)


• There are two “types” of RESTful WSout there:– Pure REST (following Fielding’s principles)– Popular REST (essentially !SOAP)

• (NOTE: These definitions are mine, notWikipedia’s)


• Popular REST is a reaction to thecomplexity of SOAP– Transport: HTTP GET– Request format: URL + QueryString– Response format: XML

• Sometimes it is informally called POX (PlainOld XML) in homage to POJOs (Plain Old JavaObjects).


• You could implement a simple RESTfulPOX service using nothing but staticJSPs:– http://www.davisworld.org/carList.jsp


• Or, if backed by a dynamic resource,you can build a simple QueryStringdialect:– http://www.davisworld.org/carList?

action=getAvailable&make=Honda&color=red&year=2001

• This could be a thin mapping to SQL, or tomore complex/calculated business logic


• This human-readable“StringBuffer.append” method makes itincredibly easy to use in a web browser– But you can also use a Java client as well

in a non-web app


• Download theopen sourceHttpClientpackage fromApache:

http://jakarta.apache.org/commons/httpclient/


• To see a “Popular” RESTful WS inaction, let’s go over to Yahoo!

How do I get started?

1. Online DocumentationRead the online documentation and FAQs.

2. Get an Application IDTo access Yahoo! Search Webservices, you will need to get an application ID. Like abrowser's User-Agent string, the Application ID uniquely identifies your applicationand has no effect on rate limiting.

3. Download the SDKThe development kit includes BSD licensed examples and libraries for variouslanguages: Perl, Python and PHP, Java, JavaScript, and Flash.

(Source: http://developer.yahoo.net/search/index.html)


• Yahoo offers close to 20 differentRESTful services (Search, Maps,Weather, Traffic, Finance, Shopping)– Here is the same web search we did in

Google:• http://api.search.yahoo.com/WebSearchService

/V1/webSearch?appid=00000000&query=jboss+at+work


• Proponents of SOAP point to the power of theWSDL– Request/Response Schemas well defined– Auto-generation of client stubs

• Proponents of REST point to the power of theURL– Human readable– Zero barrier to entry– Trivial to test using a browser or any other

common tools (curl, wget)


• But both implementations I’ve shownyou thus far have been more similarphilosophically than different– Both have been RPC-centric

• Only the syntax changed

• A “Pure” REST app is Resource-centric,not RPC-centric


• “Pure” REST– Transport: HTTP [GET, PUT, DELETE,

POST]– Request format: URI

• The URI remains the same, the methodschange

• The URI is the “Primary Key” of the object– Response format: XML


• Implementing a Pure RESTful app usingservlets is trivial:– doGet, doPut, doDelete, doPost

• For a great series of articles on buildingyour own RESTful WS by Joe Gregorio:– http://www.xml.com/pub/at/34


• With SOAP, the WSDL is required– Need to define method names, signatures– The binding to HTTP is one of many choices

• There is nothing natively “web-like” about SOAP

• With REST, no WSDL is required becauseyou are using the native language/semanticsof the web– There is power in simplicity -- think SQL (select,

insert, update, delete)


• The main problem with “Popular”RESTful WS?– Since GET is their only transport, they tend

to expose non-idempotent transactions thatcan be easily cached/bookmarked/etc.

In computing, idempotence is the quality of something that has the same effect ifused multiple times as it does if used only once…

HTTP GET requests are supposed to be be idempotent. The web infrastructuremakes this assumption and often caches the result of these requests.

HTTP POST requests (usually used for user input forms) are not meant to beidempotent, so the result of a POST request is not cached.

(Source: http://en.wikipedia.org/wiki/Idempotence_%28computer_science%29)


What is Atom?

• For a great example of a “Pure” RESTful WS,let’s take a look at Atom

– Atom is an IETF standard format for weblogs• RSS (and it’s predecessor RDF) is a non-standardized,

RPC-centric protocol• Most applications support both RSS and Atom at this

point

Atom is the name of a specific web feed format. Web feeds, from a user'sperspective, allow Internet users to subscribe to websites that change or addcontent regularly. To use this technology, site owners create or obtain specializedsoftware (such as a content management system) which, in the machine-readableXML format, presents new articles in a list, giving a line or two of each article and alink to the full article or post.

(Source: http://en.wikipedia.org/wiki/Atom_%28standard%29)


• For example, my blog is at the URIhttp://www.davisworld.org/blojsom/blog/– You can read it using a standard web browser or

specialized software called a “feed reader” or“news aggregator”

• The aggregator retrieves the XML and formats itindependently of the L&F of the website

• It is like a combination of a web browser and an emailclient

– I subscribe to different feeds, and new/unread entries“appear” in my “inbox”


• Each new “feed” is a “syndication”– The URI remains the same, but new data

can always be found at the same address• Each entry has a unique URI as well -- the

“permalink”– http://www.davisworld.org/blojsom/blog/default/2006/

02/01/Evolve.html• Since the resources are accessed via a simple

GET, I can easily bookmark them


• The Atom Publishing Protocol is fully RESTful

– You can use the ROME framework to interact withAtom and RSS feeds programmatically

• https://rome.dev.java.net/

The Atom Publishing Protocol uses HTTP to edit and author webresources. The Atom Protocol uses the following HTTP methods:

GET is used to retrieve a representation of a resource or perform a query.POST is used to create a new, dynamically-named resource.PUT is used to update a known resource.DELETE is used to remove a resource.

(Source: http://ietfreport.isoc.org/idref/draft-ietf-atompub-protocol/)


• REST Pros:– Very browser/AJAX-friendly– Philosophically closer to the traditional web

than SOAP


• REST Cons:– Auto-generation of Java clients doesn’t

exist– Tightly coupled to HTTP


• Many popular websites offer both SOAP andRESTful interfaces– Amazon

• http://www.amazon.com/gp/browse.html/102-2243700-0003349?node=3435361

– eBay• http://developer.ebay.com/common/api

• A good search term to discover WS offeringsis “[website] api”– Ebay api– Amazon api


• With the popularity of AJAX on the rise(and the continuing weakness of nativebrowser XML support), there is a thirdWS “flavor” gaining steam:


What is JSON?

• We don’t need no stinkin’ XML…JSON (pronounced Jason), which stands for "JavaScript Object Notation", is alightweight computer data interchange format. JSON is a subset of the object literalnotation of JavaScript but its use does not require JavaScript.

JSON's simplicity has resulted in its widespread use, especially as an alternative toXML in Ajax. One of the claimed advantages of JSON over XML as a data interchangeformat in this context is that it is much easier to write a JSON parser. In Javascriptitself, JSON can be parsed trivially using the eval() procedure. This was importantfor the acceptance of JSON within the AJAX programming community because ofJavaScript's ubiquity among web browsers.

(Source: http://en.wikipedia.org/wiki/JSON)


• Even though JSON has “JavaScript” inits name, there are bindings for over 15other programming languages– See http://www.json.org/ for open source

parsers


• JSON specifics:– Transport: HTTP GET– Request format: URL + QueryString– Response format: JSON


• From a JavaScript perspective, once youhave a JSON string, all you need to do iseval() it:– Eval(menuDef);– No need for marshalling framework like Castor or

XMLBeans• Ruby uses a superset of JSON called YAMLYAML is a recursive acronym meaning "YAML Ain't Markup Language". Early in itsdevelopment, YAML was said to mean "Yet Another Markup Language", retronymedto distinguish its purpose as data-centric, rather than document markup.

(Source: http://en.wikipedia.org/wiki/YAML)


What is ESB?

• Once you have a solid understanding ofSOA/WS and all of the variousimplementations, you might considerputting an ESB in placeIn computing, an enterprise service bus refers to a software architecture construct,implemented by technologies found in a category of middleware infrastructureproducts usually based on Web services standards, that provides foundationalservices for more complex service-oriented architectures via an event-driven andXML-based messaging engine (the bus).

(Source: http://en.wikipedia.org/wiki/Enterprise_Service_Bus)


• In simple terms, an ESB aggregates andnormalizes WS through a common meta-language– BPEL (Business Process Execution Language) is

an XML dialect that is meant to generalize anymessaging protocol

• Including JMS, SOAP, REST, etc.– JBI (Java Business Integration) standard– ServiceMix is an open source (Apache-licensed)

ESB• http://www.logicblaze.com/servicemix.jsp


• So, are you ready for a round of BuzzwordBingo?

• SOA, WS• AJAX, HTML++, Client/SOA, XSS• Web 2.0• SOAP, WSDL, UDDI, XML-RPC• REST, POX• JSON, YAML• RSS, RDF, Atom• ESB, BPEL


Conclusion

• Thanks for your time!

– Questions?

– Email: [email protected]– Download slides:

• http://www.davisworld.org/presentations

Real World Web Services - Object...

Documents

Transcript of Real World Web Services - Object...